Arbor Networks study shows rate of DDoS attack increase in past 10 years
Distributed denial of service (DDoS) attacks are growing in size, complexity and frequency, according to the latest Annual Infrastructure Report from Arbor Networks.
In 2004, the largest DDoS attack was 8Gbps. Now, it’s reached 400Gbps, with other reported events at 300, 200 and 170Gbps in 2014, according to the report. 2013’s peak was 245Gbps. 38% of survey respondents said they had seen more than 21 attacks per month this year, up significantly from just over a quarter in 2013.
90% of the 287 respondents said their DDoS attacks were at the application layer, while 42% experienced multi-faceted attacks including volumetric, application layer and state exhaustion techniques. More than a quarter of respondents said they saw attacks targeting cloud services, while more than a third had firewall or IPS devices experience a failure of some sort during a DDoS attack.
Almost half (44%) of respondents in data centres said they experienced revenue losses due to DDoS, while more than a third experienced attacks which exhausted their bandwidth – a crucial issue, as it adds collateral damage to data centre customers’ cloud infrastructure.
Yet the key here is how this targets the enterprise. 10% of companies polled said they felt “completely unprepared” to respond to a security incident, while 40% felt “reasonably or well prepared”.
Those with good memories will recall Code Spaces, the web-based SVN and Git hosting provider which had to wave the white flag back in June after what it called a “well-orchestrated” DDoS attack. And according to these survey results, this could be the tip of the iceberg.
“In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and data breaches were most likely carried out by employees who had direct access to data files,” said Darren Anstee, Arbor director of solutions architects.
“Today, organisations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend,” he added. “The business impact of a successful attack or breach can be devastating – the stakes are much higher now.”
You can access the full report here (registration required).
- » WhiteHat report finds security flaws in most mobile apps – but don’t panic
- » Enterprises are finding open source so alluring that vulnerabilities are less important
- » Deflecting DDoS: Key tactics in the battle against IoT-powered attacks
- » New York cybersecurity fund shows importance of investing in people rather than technology
- » Three steps to create secure instant messaging within your organisation